Warning: Big Security Risk In Some Ubisoft PC Games

Share this:

Update – Ubisoft may have plugged the hole, but it’s difficult to know for sure as they don’t appear to be discussing the issue. There are reports on the Ubi forums (thanks, Imperial Dane) that Uplay has been updated to version 2.04, which if the commenter is accurate bears the note “‘Fix addressing browser plugin. Plugin now only able to open uPlay application.” If your Uplay hasn’t/won’t update to version 2.04, I’d get rid of it and its plugin for now. To be honest I’d get rid of the plugin regardless, until we’re sure the problem’s been resolved.

We’re currently investigating the full extent of this, but moralising and recrimination can come later. For now, the important thing is to warn folks who have certain Ubisoft games installed on their PCs that an apparent backdoor has been discovered in the Uplay infrastructure/DRM which may in theory allow any anyone so minded to install God knows what horrors on your PC. It isn’t confirmed as definite, but certainly proof of concept code is calling up Uplay windows and then loading other programs from websites that have nothing to do with Ubisoft. If Uplay is on your PC, I urge you to uninstall it and any games that use it immediately, until we know more. Update: the flaw lies specifically in a browser plugin Uplay quietly installs, and the general consensus is now that’s all you need to remove to protect yourself. See below for details on how to rid your PC of it.

Essentially, as described here, with the right piece of code any website can call up a Uplay window and from that might be able to slip a program install or launch of their choice onto your PC. Were someone with malevolent intent to inject the code onto a commonly-visited website, they might be able to gain control over any number of PCs – or install keyloggers, viruses and the like, or just plain old wipe your hard drive. The web security expert we chatted to says this could even occur via an email link, making this exploit a phisher’s dream if it’s as a bad as it sounds.

Says the expert we spoke to, “you could click on a weblink, thinking you were visiting the BBC News Website from a friendly list of bookmarks. Except it’d also install a program via UBISoft’s DRM plugin which wiped your hard drive. It is a genuine threat. All it would take is an exploited wordpress, say.”

But I come here not to sensationalise, but to warn. With news of this backdoor spreading like wildfire and proof of concept code already out there, there’s a very real chance that someone will try to achieve something unpleasant with it before Ubisoft can shut it down. That’s presuming it is what it appears to be, of course – this may turn out to be an exaggeration, especially as the internet does so love to mock Ubi’s notorious DRM, but so far the evidence very much points to this being as dangerous as it sounds. I’ve contacted Ubisoft for comment and will update as and when we know more. There’s been no response as yet, and other sites are reporting similar silence.

The fault does appear to specifically lie with a browser plugin Uplay installs rather than Uplay itself, so remove that from your Firefox/Chrome/IE/etc extensions as a priority, but I’m erring on the side of extreme caution and advocating the removal of anything associated with Uplay until this apparent threat is dealt with. Here’s how to locate and disable the errant plugin:

Contrary to what some parts of the web are currently screaming, this is not a rookit – it’s an exploit in a browser extension. Alas, the vast majority of folk with said browser extension will have been hitherto unaware that Uplay had installed it.

You can find the games which apparently include the exploit listed below. If you have any of them on PC, I would urge you to uninstall them and any Uplay applications as soon possible as a precautionary measure. If you have any of these games on your PC, you can also see the apparent exploit harmlessly in action with the link here.

We’ve tested with a PC that has never had Uplay installed on it. The exploit didn’t work at all. After installing Uplay alone, immediately the test link did indeed work, calling up the Uplay window, and then with that, booting the Windows Calculator. After uninstalling Uplay, the exploit once again didn’t work.

Calculator’s hardly scary of course, but if someone could use the exploit to slip another program onto your PC or run command lines, anything could happen. Frightening – even if there is still something of a question mark over exactly what level of access a nasty soul could go on to achieve. Additionally, this software would appear to allow Ubisoft to monitor PCs running Uplay, but again let’s wait for more details before any hammers of judgement are wielded.

It appears versions of some of these games are Uplay-free and thus in theory safe, but again it may be better to be paranoid than sorry. You can always reinstall later, right? I’d also urge you to check your list of installed programs in Windows, just in case an old install of the Uplay launcher/plugin is hanging around despite your having previously uninstalled any games that used it.

I’m not at all certain that list is complete, given other games are known to use Uplay – From Dust, for instance. Check your program installs and browser extensions/plugins for any trace of it regardless – it might be there from an older install even though the game that carried it is no longer on your PC.

Replying at top so folks can see it: I have got the Steam versions of AssCreed II and AssBro, and I do not seem to have the plugin at all. I checked by loading that link (doesn’t bring up calculator) and looking at my plugins. So hopefully Valve made Ubi take their Naughty-ware out and that means folks who have the Steam versions will be ok **breathes sigh of relief**

EDIT: I did this before starting Steam, so it would not have had the chance to patch. This hopefully means it was never affected.

For those reading this, it’s best to remove IE by using the ‘Turn Windows Features on or off’ program, as you can then later re-install it if you need to from that dialog. Search “windows features” in the Start Menu, or find it at C:/Windows/System32/OptionalFeatures.exe.

Alternative:
6) FUUUUUUUUUUUUUUUUU then think about that rescue Linux Distribution (I suggest Parted Magic, due to high number of disk management utility while been lightweight) live USB or live CD you should had created while you still had a web browser.
7.1) Don’t have it ? Proceed to alternative_2 8
7.2) Have it ? Continue to 8
8) Put into the computer the computer the support containing the live distribution and reboot to it
9) Set up network connection (wired residential connection should be automatic)
10) Use the web browser included in the distribution (most likely Firefox) to go download Firefox windows version (any recent Linux shouldn’t have trouble writing it to NTSF if you have no external support room left (like on the storage left on your live USB =p))
11) Reboot to windows and proceed to install firefox and enjoy not having to reinstall all your windows software. =p

Alternative_2
8) Go into the program manager in the control panel
9) Use it to reinstall internet explorer (might require you your windows installation disk has to do a re-installation from it)
10) Use IE to download a superior web browser
11) Install superior web browser
12) Make sure superior browser in working state: if not, go back to 10; if yes, uninstall internet explorer
13) Use superior web browser to get what required to make a Live Linux rescue medium (Parted Magic is still the suggestion like always)

For those looking for the plug-ins section rather than extensions in Chrome, I went to settings and used the handy search at the top right for ‘plug-ins’, which in turn gave me a handy yellow arrow pointing to the right category, and then highlighted plug-ins in yellow on the list. Uplay PC was in there.

Yes techncally not a rootkit because it doesn’t install itself at a low enough level (think a true rootkit has been installed at the lowest of the os level, so basically impossible to remove without breaking the os), but rootkit like capabilities if it can run stuff from the windows directory and backdoor because of the stuff it opens. If it can run cmd.exe (in the same folder as calc) you can do basically anything you want, maybe even escalate permissions, or at the very least delete all your save games or something equally dickish.

Plan to test this when i get home to see what happens, all currently depends on what can be done,with command line access you can do a surprising ammount.

That’s not “rootkit like”. A rootkit is a program which actively hides its existence and/or other programs’ and files’ existence from the rest of the system and the user. This is just a stupidly dangerous backdoor. Still bad, but not as bad as a real rootkit.

Did you actually read all of what i wrote or just blank out after “rootkit like” a decide to quote that? As i clearly said (as part of the rest of the sentence) that it has rootkit like capabilties if its a backdoor and can run stuff without asking.

I never said it was “like a rootkit”, i said it can do things that a rootkit can do, two different things :P

Sorry, I’m not aware of any way to distinguish between “quoted speech” and “air quotes” on a keyboard. Poor choice on my part.

Without bogging down in minutiae (just deleted a wall of text), the things you described are properties of a backdoor, not a rootkit. I’m just trying to correct the misinformation being spread by that stupid, stupid Hacker News headline.

It’s not so bad, though. One website was claiming that the (air quotes) “Uplay network has been hacked into”. *sigh*

Sorry I didn’t think i would have to put stuff in speech marks to make it so that people read the entire sentence, I will remember that next time.

Also the two ascept of a rootkit are

“A rootkit is a stealthy type of malicious software (malware) designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer”

Yes it doesn’t do the first (as far as we know, i doubt it however as it would need a lot more stuff installed to do that), however it does do elements of the second as any tiem the browser is loaded , you have access.

Thus rootkit like behaviour.

We can argue over semantics a lot but its not going to matter to most people :P

I think Chrome doesn’t let this happen, or at least my configuration of Chrome doesn’t. I don’t get that Uplay window or the calculator, I just get a plugin error image when I go to the test page. Yes, before anyone asks, I do have Uplay installed thanks to Driver.

Still, shocking lapse of security for this to have been allowed through.

No, it can do it to Chrome too. One of the posts suggests: “Google chrome users: You can go to “about:plugins” and disable this and all other things that might expose you to extra security risks such as “Microsoft Office” (even “Native Client”) or any other plugins that exposed in there by 3rd party without any confirmation.”

I uninstalled the one game I have from the list and heartily recommend everyone does but damn if this isn’t annoying for people on a slow internet or with bandwidth caps. Much much less annoying than having your computer of course but still, an additional gripe.

Edit: Even if this is just a bad plugin fuck it, I’m glad I uninstalled. Better safe than sorry.

Hooray for an epic fail. The second I started playing Splinter cell conviction after pirating it, I gave up on the horrible 1 button does everything controls(I hate those in general, but this game had the worst configuration in my opinion), the bad mouse sensetivity and how it’s mostly a third person manshoot with some resemblence of stealth. I uninstalled it and dropped all Ubisoft games from my mind.

Exactly. At this point, I feel much more self-satisfied knowing that I simply don’t touch Ubisoft games at all rather than the whole ‘pirate as a protest’ thing, which is such a feeble excuse for piracy.

You don’t have an inherent right to try a game before spending money on it. If the game has a demo then you can try that, otherwise you have to decide whether to buy it hoping you’ll enjoy it or avoid it entirely. You can read reviews about the game. You can wait to see what other people think.

But nothing gives you the right to pirate the game. Pirating games encourages companies to use such strict DRM measures, like UPlay.

If you put nothing into the making of the game and have not paid for the finished game then why should you have any say in what may or may not be done with the finished game? They set the terms on whether there is a demo or not, and they set the price. If you don’t think it is worth it then you don’t have to give them anything.

Also, as already mentioned, there are alternative ways to learn about a game. In fact by pirating it you are probably less likely to read reviews of the game, which takes business away from magazines/websites. You could even decide to wait until it is very cheap in a sale, which you might not have done if you had pirated it. I think you would need to justify why piracy isn’t harmful.

(I realise that retail stores can set there own price but they have to pay for the stock in the first place, and that price is negotiated between the store and the game’s publishers.)

If you download a cracked copy with the intent of trying before buying (because you actually do have a habit of doing so, instead of just using it as an excuse), because no demo is available and you end up buying the game which I, for example, have done several times, it’s an example of piracy actually encouraging sales.

See: the problem here isn’t people downloading cracked copies of games. That’s actually 100% a non-issue. Just as downloading a movie from a non-legit torrent is actually a non-issue. If I bought a legit Blu-Ray copy of a movie and then download a second version from a torrent because my laptop doesn’t have a Blu-Ray player and/or the DVD drive is broken, that’s not hurting the publisher. In this example I’ve bought their product. Which is the real issue: people not buying the products.

Sometimes people download cracked copies of games in order to see if they’re worth buying, and not just as an excuse. I’ve had to cut back on doing so because I can’t afford to buy every cracked game I try. “Pirating” games =/= lost sales.

EDIT: Beaten by several others. Well said mrmalador.

@Melliflue:
“They set the terms on whether there is a demo or not, and they set the price. If you don’t think it is worth it then you don’t have to give them anything.”

And how am I supposed to decide whether it is worth it if there is no demo?

“In fact by pirating it you are probably less likely to read reviews of the game, which takes business away from magazines/websites.”

Nonsense. For one thing, I usually resort to piracy on titles that are overlooked by review sites in the first place. (though I admit I am an edge case here) But saying that piracy takes business away from magazines and websites? Ridiculous. How would I know what to look for on the torrent sites in the first place if I’m not reading magazines and websites?

“You could even decide to wait until it is very cheap in a sale,”

Oh please don’t talk about sales. Please. My wallet is still aching from the Steam Summer Sale and all the Kickstarters I’ve backed. Oh and look: Wanderlust is 25% off on Steam. And GoG’s Adventure Sale is still on for about 13 more hours. And that Indie bundle RPS just mentioned. Please, please don’t remind me. The utility bills need to come first!

EDIT 2: Oh yeah, and if I get a legit copy of AC2, for example, and never install the legit version because I’d rather play the cracked version and not put up with the DRM bullshit, again: that’s a sale Ubisoft gained because of piracy not in spite of it.

And please, please name one game which hasn’t had enough footage released so that you can make an informed decision. I’ll be waiting to link you to the footage, reviews, let’s plays, commentary and tell you to get off your lardy fat ass and move from your bedroom, get down to your local independent game store and play their store copy if you really must play it for yourself.

In the meantime stop shirking your individual responsibility and remember “Not every pirated copy is a lost sale” is as unproven as the statement “Piracy harms the games industry”.

Link to some proof before making sweeping statements.

By the way “If” you get round to paying for AC2? How long a demo have you awarded yourself? The full game? If you progressed beyond 1 or 2 levels, you damn well should be paying for it BY YOUR OWN RULES. You really have just shown your quality, by which I mean lack of quality.

Oh and would you be so kind as to post an honest screen capture of your P2P history? I would very much like to see if you’ve pirated a game which had a demo. I’m guessing yes.

Look, everyone pirates. 99.9999% of people who tell you they haven’t and never would are lying. I’ve pirated in the past plenty of times.

What I don’t do is try to distort the truth and perception that I am somehow doing a good thing or that I have any justification as to what I was doing. I was doing a bad thing and I was completely unjustified to do so. It’s this pretence that what you are doing isn’t wrong or that you somehow have the moral high ground that makes me think you are a complete dick and all the other things I wrote.

@mrmalodor
“Every consumer has an inherent right to try or at least see the product they are about to buy”

Yep — haven’t tried that brand of groundbeef at the market? Well open that sucker up and toss it on that grille for sale (2 birds cause I haven’t tried that grille either!). Maybe give that TP a test drive afterwards — its my inherent right!!!

Well, there’s reviews for one, youtube videos showing gameplay often accompanied by a review for two, your local game store will often let you have a go for three – should I go on destroying your feeble excuse for piracy?

Why don’t you try the one where piracy somehow helps the game do better.

It’s very simple. If a game is worth playing there will be a demo for it. If the publisher is so ashamed of it that they’re not willing to risk people being put off by a demo then it’s safe to assume that the game is crap in at least one important way.

Indeed. If you’re prepared to play it you should be prepared to pay for it. Regardless of whom the publisher is and whatever ‘crimes’ they are alleged to have committed. People worked hard on making the games and the money made from sales helps towards funding new projects and keeping them in jobs. This ‘You fucked up Ubi, I’m pirating all your games from now on!!!’ mentality is morally bankrupt.

Problem is i have seen people who say “I’m not getting the game cause of the drm / publisher actions” ALSO get berated on places like this, becuase then “you are not supporting the PC gaming crowd and so publsihers won’t make games on the PC”

Often the people berating those who make a stand are overwhelmed by the people saying “I respect your position”.

In fact a much worse problem is the people who are boycotting a game berating the people who buy the game because whatever the reason for the boycott is not an issue for many. They accuse those people of destroying the games industry too.

That could be a problem, but so far I’ve not noticed a lot of that. Well, around here at any rate. Similar has happened regarding Steam, as Valve is a weak spot for many hiveminders. But overall I’d expect better from the folk here. In fact one of the few things gamers can do is demonstratively not buy a game. At the very least such a gamer can save more money for other things (like other games) and sometimes devs/publishers even change things up after enough cause for them to review their product. And diminished revenue is a big party of that.

Overall, I’d say most RPS folk would stand behind better gaming rather than more gaming regardless.

-edit- That, and supporting choice for gamers is better than to support the industry without question. More games doesn’t equal more choice.

Adding DRM because of pirates is just like making stricter gun laws… the pirates will always find a away and your just getting in the way of good honest people. That being said today’s game companies are always trying to nickel and dime us, working for every cent. If most people who don’t enjoy supporting “Call of duty:Copy Paste 6” didn’t pirate, they most likely wouldn’t have any games to play.

I personally feel like were at a point where the big guys (EA, Activ, UBI) are making garbage, but the independents cant yet make a A+ title. Feels like the medium guys are getting pushed out.

I love it! Any time bullshit policies run into issues it makes me happy. I hope Ubisoft is at least a bit embarrassed and\or ashamed, but that is naive of me to think they care about problems that face their customers due to their shit policies.

Most modern malicious attacks aren’t about deleting data or causing harm, but about getting access to your computer or the data on it without the users realising. The kind of attack you describe is the kind that people would definitely notice, which would draw unwanted attention to the exploit.

A more likely danger is the kind of scenario where someone has their credit card details, on-line banking credentials or other personal information saved somewhere in their user data (for instance a password file in My Documents), that the attacker could make off with. Also if the attacker had knowledge of a separate exploit to raise their access privileges and do more nasty things, this security hole could allow them to make use of that knowledge.

I’d blame Ubi before anyone running Xp or without UAC to be honest – plus the last Steam survey had 15% of people running XP. There are standards to stick by, and enabling an argument that makes your plugin run any exe path should be a red flag to any developer.

With cmd, I don’t think it needs admin to write to your documents, so it could ftp there and then run a file. Stuff might block it, but for some it will get through.

Yes, deleting user files is an issue, particularly if they target %USERPROFILE% etc.

What people are probably thinking when they hear these things is either their Windows folder being maliciously deleted or their system being controlled as part of a botnet, both of which require alteration of key files and the registry, which *should* be protected.

There’s another problem. If any other software on your PC has a known escalation exploit, then that can be easily targeted. For example, if Adobe Reader has an ugly bug (that can be abused by a specific PDF) then this pdf can be downloaded and opened through this exploit. That’s a ton easier than getting you to open a PDF on a webpage.

In essence, any problematic bug in any piece of software you have on your PC can be abused through a web-page.

And of course, everything that runs in user-space can be done. For example, crash your graphics card driver, delete your documents or read any file on your disk and send it to anyone. Anything that does not explicitly require a “Are you sure you want to grant Admin-privileges” dialog.

Logic fail. Lots of people still use XP and it’s still supported by MS. Using it doesn’t mean you deserve to get malware through some security hole in a 3rd party plug-in you didn’t even know a game had installed into your browser. That’s like saying every time you leave the house without a kevlar vest you deserve to be stabbed.

Basically if you have the browser extension installed, any website you visit can execute anything on your computer.

I wouldn’t even call that a “security risk”, it’s a security disaster. A trojan on every customer’s computer, which can be abused right now by pretty much anyone. Hopefully Google and Mozilla are fast to blacklist it, even if it isn’t their mistake.

I really hope Ubisoft won’t easily get away with this, demand trashing their intrusive piece-of-crap DRM system. Sony had trash their rootkit, this should face the same fate.

Couldn’t have happened to a shittier company with a shittier stance on pirating. Isn’t it quite comical that Ubisoft, in an attempt to curve piracy, have turned far more would be customers to piracy with their shitty DRM.

You can either pay Ubisoft a stupid amount for AC and play under severe limitations or you can go download it from thepiratebay and play without all the BS. Great work Ubisoft.

Actually, the whole “pirates slipping malicious code into their releases” risk is quite minimal. Why? Because if they did, and were caught out on it, they would be immediately and completely abandoned by the community. And they, more than others, rely on the community to remain afloat, if they are no longer trusted they will be replaced (remember, the bigger groups don’t do this out of “criminal intent”, but more for “the fame”). Also, you may have noticed that thepiratebay has so-called “VIP” and “trusted” users (marked with a purple/green skull), these are users with a very excellent track record, usually the “official spokesperson” of release groups, and the skulls mark that they are trusted/confirmed by the community (example: VIP user ‘extremezone’).

Of course, if you download files from unknown/unconfirmed sources and get malware on your system, then that’s your own damn fault.

Wait, is this the software that installed itself last night after I booted up From Dust for the first time, and which has no discernable purpose except to annoy me? Good to know it’s potentially malign as well as a waste of my time.

I got From Dust through Steam and Anno 2070 through another online vendor.

The Uplay for Steam games doesn’t display non-Steam games (and vice versa), despite using the same damn account. An account which has a password truncated to 16 chars without telling you, with a client that will accept more than 16 chars, which then doesn’t match the short version. “This has been an issue for some,” is how one of the forum reps put it, as if the blame was ours for not intuiting their secret password size limit.

Well, piss. I only just installed Driver: SF yesterday, and was already angry at myself for giving them my money after A) sitting through an irritating series of patching processes completely separate to Steam, B) having to use Uplay at all and C) seeing what an awful port it is (of a rather brilliant game). I guess now we have a D. And it turns out, just as the legends told, Ds are fucking huge.

Weird, I bought some Ubisift games in the Steam sale and even though I get the Uplay crap on startup of the games, there’s no plugin for it in Chrome. Does it still count if the game is through Steam then or just stand-alones?

Well, there’s the point that Browser and OS security & sandboxing *should* prevent anyone directly placing trojans on your PC. What the PoC seems to show is a) files can be run that are already on your machine & b) a malicious party can base 64 encode a complete string that could be used to silently FTP files onto your machine to execute in case a).

It’s a shocking lapse in security, but equally something that should be a) easily fixable, given how Ubisoft recently updated UPlay without my intervention (it just installed a new version when I went to play AC2) and b) would require some thought to execute a coordinated attack on a number of UPlay users.

I guess XP users are at risk because they’re more than likely running a superuser account, but Windows Vista/7 & Mac OS should throw a UAC/Credentials confirmation if the script tries to do anything more than execute an already accessible program like Calc or (at worse) do something to the current users User folder.

No, not really. Sandboxing doesn’t help against plugins installed into the browser with the express purpose of bypassing the sandbox.

Well, there’s the point that Browser and OS security & sandboxing *should* prevent anyone directly placing trojans on your PC. What the PoC seems to show is a) files can be run that are already on your machine & b) a malicious party can base 64 encode a complete string that could be used to silently FTP files onto your machine to execute in case a).

It’s a shocking lapse in security, but equally something that should be a) easily fixable, given how Ubisoft recently updated UPlay without my intervention (it just installed a new version when I went to play AC2)

So.. it’s fixable *when you try to launch your game. Until then, you’re vulnerable. So if someone, hypothetically, has a game installed that they no longer play….. no automatic fix for them any time soon.

and b) would require some thought to execute a coordinated attack on a number of UPlay users.

Not really. You can run any process on the PC which you have permissions to access. You can do quite a lot of fun stuff in that way. Deleting user files is an obvious one, but if you can find anything like a command-line FTP client or scp, or just a mail client or, well, a number of other applications with network access, then you can probably get them to fetch a new file from some remote server. And execute it.

I don’t know what kind of privileges the process is executed with. I’d assume that it’s run with the user’s own privilege level (which, for nearly everyone means they’re administrators, possibly with UAC enabled — but again, there are quite simple ways to bypass UAC prompts, so even then, you’re essentially fucked)

I guess XP users are at risk because they’re more than likely running a superuser account, but Windows Vista/7 & Mac OS should throw a UAC/Credentials confirmation if the script tries to do anything more than execute an already accessible program like Calc or (at worse) do something to the current users User folder.

– *Many* people, not least gamers, disable UAC
– UAC prompts can be avoided, and that’s been known since Win7 was in beta. Microsoft’s response: “UAC is not a security boundary”, so that’s ok.
– you don’t need to gain administrator privileges to fuck the user over. Deleting or corrupting a few files in the current user’s home dir is more than bad enough.

There is a good way and a bad way to do DRM,
in the same way that there is a good way and a bad way to get your head chopped off in your execution.
The result is still bad for you, and yet sometimes it’s way, way worse than what it should be.
Ubisoft missed the neck and had to strike seven times to decapitate us.
I hope they’ll do this painful thing more competently in the future.

I’ve got Assassin’s Creed II, Brotherhood and Revelations installed but there’s no sign of the extension in Firefox, and the test link just tells me it needs to install a missing plugin. I think NoScript must’ve stopped it in its tracks.

1) While not on 100% of Store Pages, the vast majority of Steam store pages will show if the purchase requires and uses 3rd-Party DRM. This information is located on the right side of the page, above the ESRB rating and/or the game features written in green text such as “Co-op” or “Controller supported”. This information is located on the GTA4 page and all Ubisoft games that were on sale recently.

2) Even in the case of vague information (GTA4 says “SecuROM and unlimited activations, while saying nothing about Rockstar Social Club), the Internet is of course full of first-hand information about the impact of the DRM that is just a search string away. This is just one of the resources available, with the Steam Forums being a common second resource.

So before you deny content creators cash they sometimes deserve and possibly become a blip on some litigation trolls radar, consider changing your critical consumer habits so you can better enjoy the games you want. Looking before leaping will take you surprisingly far in life.

Don’t know if this has been mentioned, but this seems to have only snuck in since Uplay 2.0 was launched. I just launched Driver San Fran and it updated my Uplay client from the old 1.x version to 2.x. I ran the test again and this time Uplay launched. I have now disabled the plugin.

If something actually happened on your computer that somehow causes you damage (deleting important files is a good example of this) and you can prove to an expert that it was caused directly through this exploit (or hire yourself an expert who can prove it) then yes you can – £25 fee and the small claims court beckons!

Not a rootkit, does rootkit like things but not a rootkit because of the level its installed at.

They are in theory in breach of the computer misact ac thowever, as they modified the comptuers settings without permission, unless the latest EULA that no-one reads said they can install a web plugin :P